Ad Lightning's propriety and patent-pending tools detect and stop unwanted behaviors and attributes in ads. Ad Lightning uses a combination of real-time & predictive payload analysis, validated malicious signatures and other machine learning techniques to ensure that new threats are detected, reported and blocked on the fly. What's included:

How it Works

The Ad Lightning Blocking Solution can be deployed on your site in one of 2 ways:  (1) as an on-page script (preferred) or (2) as a Google Ad Manager creative wrapper.  The solutions allow ads to flow through the standard Real-Time-Bidding (RTB) delivery process (steps 1-5 below) without any disruption.

Before delivery, the Ad Lightning Blocking Solution takes the ad markup from the winning creative, checks against our blocklist, and does not render the ad if our checks fail.  

Blocklist attributes include:

You can find a more complete list of Ad Lightning's Blocking Taxonomy here.

Dynamic Analysis and Proactive Blocking:

Our blocking technology includes continuously improved and enhanced dynamic analysis to detect novel threats in real-time.

Some solutions block malicious code in ads on the page -- does Ad Lightning do that?

Yes, we will block malicious code in an ad that has rendered on the page, but our philosophy is that bad ads should never make it to the page in the first place. Just because one script has been removed, other parts of the creative (like the click-through url) can still be problematic, which is why in most cases we prevent the entire ad from rendering, and, to help you remonetize the ad slot, we will get you a new one using your Google Ad Manager's refresh mechanism.

There are two ways to implement our wrapper - using our on page script (OP) or a Google Ad Manager (GAM) creative wrapper (CW). OP is the best option if you:

If none of the above fit, then our creative wrapper is the best solution.

For clients that choose the on-page integration (which is our preferred solution), the recommended implementation is to place our script in the <head> element, directly after any Consent Management Platform provder script and before any ad tech scripts. If that is not possible, then our script simply needs to be added after the googletag object is defined, but before any of the ad units get defined/placed onto the googletag command queue.

Here is a sample script:

<script src="https://tagan.adlightning.com/CLIENT/op.js" defer></script>

To implement our on page script via Google Tag Manager (GTM), please read here.

Implementation of the wrapper depends on your version of GAM.  Ad Lightning will work with your ops team to determine the best process based on your tech stack.

Please ensure that the Ad Lightning wrapper is the outer-most wrapper when it's applied (outside of IAS, etc).

Users can implement ADL wrappers by using Creative Wrappers (to wrap an entire ad slot) or by using Creative Templates (to narrow the scope of the wrapper to specific creatives).

Please read here for our platform integration guide.

Current Ad Lightning publisher partners and new customers alike can take advantage of our partnership with Amazon Publisher Services (APS) Marketplace. The integration not only provides more effective ad quality protection against malware, but also offers a turnkey way for shared partners to enable the Ad Lightning script across all of their demand.

Ad Lightning offers unique features for client-specific customization.

Standard Configuration:

With the Standard configuration, our blocking wrapper automatically detects and blocks bad ads from rendering on your site. From there, you can easily add objects that are known to be safe and should be excluded from our blocking wrapper to an Exclusion List.

Selective Configuration:

With the Selective Configuration option, ads will not be protected by default. Instead, you build an Inclusion List by adding DFP objects that are known to be problematic and should be wrapped with our blocking wrapper. If you have a greater percentage of direct traffic on your site, this configuration option may be best for you, as you can opt to have only programmatic objects on your Inclusion List.

GAM Integration:

To programmatically sync orders, line items, and creative IDs to your GAM instance, please read here.

Brand and Category blocking options available in the UI. Learn more here.

If you're an on-page script (OPS) client, Report an Ad works in tandem and gives users on your site the option to interact with and give feedback on your ads from your site in real time. Check it out here for more information, and reach out to your Account Manager to get it set up on your account.

The Ad Lightning wrapper adds minimal latency.  The average initial payload is about 50ms. A subsequent ad loads take 5-10ms. The script is cached once-per-day so that subsequent loads are typically faster and are based on how long it takes the browser to read its cache.
​

In addition to looking for known signatures (static denylist analysis), Ad Lightning's script also conducts dynamic analysis to identify misbehaving scripts in the wild, to ensure that new threats are detected on the spot. Our proprietary combination of a denylist, coupled with in-browser scanning and advanced AI security research tools, blocks bad ads on the fly so that pages remain performant and 3rd party reporting isn't disrupted.

If the malicious code appears after the initial markup, Ad Lightning will prevent the malicious code from executing and the ad will render as expected. Impression trackers will fire and be counted as expected.

If the malware exists within the creative markup, Ad Lightning will block the ad from rendering. Our belief is that creatives that contain anything malicious should not be allowed to render, as there are often multiple malicious objects in a creative. Once the ad is blocked, Ad Lightning calls the Google Publisher Tag (GPT) refreshSlot() function. GPT's refreshSlot mechanism triggers a net-new impression and allows you to remonetize the slot. The ad selected is based on your adserver's configuration. In many cases, because the creative is blocked prior to rendering, impression trackers aren’t fired and the impression is not counted by the DSP, SSP, or ad server. There may one-off instances where a tracker is fired, however, it’s important to remember that block rates are typically less than 0.5% and these instances do not lead to any material discrepancies.

This feature is enabled by default for our on-page script and publisher creative wrapper clients. If you'd like to disable this feature, please inform your Account Manager.

Reporting is available in the Ad Lightning dashboard.  For ads that are blocked, we provide complete reporting, which includes:

Read more about reporting here.

Because the on-page solution is NOT applied through GAM, it has a few advantages over a creative wrapper deployment:

Site Scanning is a critical component of a successful blocking strategy.  By running Site Scans we are able to collect the HTML, as well as all the Javascript responses for each ad call.  This is the source of the bad ad behavior and in this data is the “signature” for the ad we put on our blocklists.  Scanning data also helps us reduce false positives because we have more granular detail on specific IDs to block, versus having to block entire domains, which is what happens with many of our competitors.

The reason is that bad actors are constantly evolving their techniques. New variants will get captured in our site scans first, and then we then run our internal process to identify the next signature to add to our blocklist.

Yes.  It's always good to alert your partners of changes that could impact delivery.  

Boltive will work closely with your team to test our wrapper across your site(s) to ensure there aren't any issues specific to your site or tech configuration.  It's important to follow the steps in the Implementation Checklist to ensure a seamless deployment.

Limitations of GAM creative wrapper implementations are documented here: https://support.google.com/admanager/answer/2797762?hl=en
​
Ad Lightning does not monitor creatives served through unfriendly iframes.

Updates made to the wrapper will affect all associated creatives. This makes updates across all monitored creatives easy if Ad Lightning provides updated template code. 

It's important to alert Ad Lightning to any custom creatives running on the page that impact the page layout, including wallpaper ads and sliding billboard units.

Using Ad Lightning should not cause a significant impact to your core web vitals. Ad tags use document.write() to render the ad. Since our script patches this method during our check of the ad markup, it can appear that AdLightning is using document.write(), however this is not the case, as it’s coming from the ad tag itself. Since our script patches/proxies document manipulation methods, it is possible that any ad related script can be attributed to our op.js script, because we would be at the top of the call chain. We break up our script into 3 parts: op.js (main page script to inject blocker and blacklist into ad frames), blocker.js (core blocking logic) and blacklist.js (our denylist).